IN THE CLAIMS : 

Please amend claims 1 and 4-12 as follows. Please cancel claim 2 without 
prejudice or disclaimer. Please add new claims 13-18 as follows. 

1. (Currently Amended) A method for maintaining a secure tunnel in a 
packet based communication system , the method comprising the steps of : 

[[- ]]establishing a secure tunnel between a security gateway in a second network 
and a mobile terminal being-located at a first address in a first network, wherein the first 
network is a public packet network and the second network is a private packet network 
and wherein t he security gateway connects the first network to a second network and the 
mobile terminal has a second address that identifies the mobile terminal in the second 
network; 

[[- ]]in the security gateway, identifying the secure tunnel based on the second 
address in packets destined for the mobile terminal from the second network; 

[[- ]]detecting a change in the first address of the mobile terminal; 

[[- ]]in response to the detecting-step, sending an update message to the security 
gateway, wherein the update message includes a new address value of the first address; 
and 

[[- ]]based on the update message, updating the first address associated with the 
secure tunnel. 

2. (Cancelled). 
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3. (Original) A method according to claim 1, wherein the update message is a 
normal data message to be transmitted to the security gateway when the change is 
detected. 

4. (Currently Amended) A method according to claim 1, wherein the sending 
step-includes creating a dummy packet and sending it as the update message to the 
security gateway. 

5. (Currently Amended) A method according to claim 1, wherein the sending 
step-includes creating an update message including a NAT-D payload for detecting 
configured to detect a network address translation device between the mobile terminal 
and the security gateway. 

6. (Currently Amended) A mobile terminal for a packet based 
communication systom A n apparatus , the mobile terminal comprising: 

[[- ]]tunnel establishment means for establishing a secure tunnel to a security 
gateway through a packet network; wherein the security gateway is configured to connect 
a first network to a second network, -and- the first network being a public packet network 
and the second network being a private packet network, the security gateway is in the 
second network and the mobile terminal has a first address that depends on its current 
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location in the first network and a second address that identifies the mobile terminal in 
the second network; and 

[[- ]]address update means for sending an update message through said secure 
tunnel to the security gateway when the first address changes, wherein the update 
message includes a new address value of the first address. 

7. (Currently Amended) A mobile terminal An apparatus according to claim 
615, wherein the address update mean s are control unit is configured to create a dummy 
packet if there is no data to be sent through the secure tunnel when the first address 
changes. 

8. (Currently Amended) A mobile terminal An apparatus according to claim 
615, wherein the addres s update means arc control unit is configured to create an update 
message including a NAT-D payload for detecting configured to detect a network address 
translation device between the mobile terminal and the security gateway. 

9. (Currently Amended) A security gateway for a packet based 
communication systcm A n apparatus , the security gateway comprising: 

[[- ]]tunnel establishment means for establishing a secure tunnel to a mobile 
terminal located at a first address in a first network, wherein the security gateway is in a 
second network and configured to connect the first network to a second network , the first 
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network being a public packet network and the second network being a private packet 
network, and the mobile terminal has a second address that identifies the mobile terminal 
in the second network; 

[[- ^identification means for identifying the secure tunnel based on the second 
address in a packet originated from the second network and destined for the mobile 
terminal; and 

[[- ]]address update means for updating the first address associated with the secure 
tunnel, the address update means being responsive to a message received from the mobile 
terminal, the message including a new value of the first address. 

10. (Currently Amended) A syste m for maintaining a secure tunnel in a 
packet - based communication system , the system comprising: 

[[- ]]tunnel establishment means for establishing a secure tunnel between a 
security gateway in a second network and a mobile terminal feeiag-located at a first 
address in a first network, wherein - the first network is a public packet network and the 
second network is a private packet network, the security gateway is configured to 
connect the first network to a second network, and the mobile terminal has a second 
address that identifies the mobile terminal in the second network; 

[[- ]]detection means for detecting a change in the first address; 
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[[- ]]first address update means, responsive to the detection means, for sending an 
update message to the security gateway, wherein the update message includes a new 
address value of the first address; 

[[- ]]in the security gateway, second address update means for updating the first 
address associated with the secure tunnel in response to the update message; and 

[[- ]]in the security gateway, identification means for identifying the secure tunnel 
based on the second address in a packet originated from the second network and destined 
for the mobile terminal. 

1 1 . (Currently Amended) A computer useable storage medium having 
computer readable program code embodied therein to enable a mobile terminal to 
communicate with a security gateway in a packet-based communication system, the 
computer readable program code comprising: 

[[- ]]computer readable program code for causing configured to cause the mobile 
terminal to establish a secure tunnel to a security gateway through a packet network; 
wherein the security gateway is configured to connect a first network to a second 
networ k, the first network being a public packet network and the second network being a 
private pac ket network, the security gateway is in the second network -and the mobile 
terminal has a first address that depends on its current location in the first network and a 
second address that identifies the mobile terminal in the second network; and 
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[[- ]]computer readable program code for causing configured to cause the mobile 
terminal to send an update message through said secure tunnel to the security gateway 
when the first address changes, wherein the update message includes a new address value 
of the first address. 

12. (Currently Amended) A computer useable medium having computer 
readable program code embodied therein to enable a mobile terminal located at a first 
address in a first network to communicate with a security gateway in a packet-based 
communication system, the security gateway being in a second network and configured 
to connect a first network to a second network, the first network being a public packet 
network and the second network being a private packet network, and the computer 
readable program code comprising: 

[[- ]]computer readable program code for causing configured to cause the mobile 
terminal to send an update message through a secure tunnel to the security gateway when 
a first address that depends on the mobile terminal's current location in the first network 
changes, wherein the update message includes a new address value of the first address. 

13. (New) A method, comprising: 

establishing a secure tunnel from a first network to a security gateway in a second 
network through a packet network; wherein the security gateway is configured to connect 
a first network to a second network, the first network is a public packet network and the 
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second network is a private packet network, -and the mobile terminal has a first address 
that depends on its current location in the first network and a second address that 
identifies the mobile terminal in the second network; and 

sending an update message through said secure tunnel to the security gateway 
when the first address changes, wherein the update message includes a new address value 
of the first address. 

14. (New) A method, comprising: 

establishing a secure tunnel from a second network to a mobile terminal located at 
a first address in a first network, wherein the security gateway is configured to connect 
the first network to a second network, the first network is a public packet network and the 
second network is a private packet network, and the mobile terminal has a second address 
that identifies the mobile terminal in the second network; 

identifying the secure tunnel based on the second address in a packet originated 
from the second network and destined for the mobile terminal; and 

updating the first address associated with the secure tunnel, the address update 
means being responsive to a message received from the mobile terminal, the message 
including a new value of the first address. 



15. (New) An apparatus, comprising: 
a control unit configured to 
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establish a secure tunnel from a first network to a security gateway in a 
second network through a packet network, wherein the security gateway is 
configured to connect a first network to a second network, the first network is a 
public packet network and the second network is a private packet network, and the 
mobile terminal has a first address that depends on its current location in the first 
network and a second address that identifies the mobile terminal in the second 
network, and 

send an update message through said secure tunnel to the security gateway 
when the first address changes, wherein the update message includes a new 
address value of the first address. 

16. (New) An apparatus, comprising: 
a control unit configured to 

establish a secure tunnel from a second network to a mobile terminal 
located at a first address in a first network, wherein the security gateway is 
configured to connect the first network to a second network, the first network is a 
public packet network and the second network is a private packet network and the 
mobile terminal has a second address that identifies the mobile terminal in the 
second network, 

identify the secure tunnel based on the second address in a packet 
originated from the second network and destined for the mobile terminal, and 
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update the first address associated with the secure tunnel, being responsive 
to a message received from the mobile terminal, the message including a new value of the 
first address. 

17. (New) The apparatus of claim 16 further comprising a memory unit 
configured to store a table mapping the second address with the secure tunnel, 
wherein the control unit is further configured to use the table to identify the secure tunnel. 

18. (New) The apparatus of claim 16, further comprising a user interface 
configured to operate the apparatus. 
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